Jump to content
dirtycash

Yahoo Open URL Redirection

Recommended Posts

Posted

ru_yahoo-iphone.png

Link Vulnerabil:

http://us.ard.yahoo.com/SIG=15n3q5c29/M=289534.11223993.11781333.10885343/D=he/S=18343859:FOOT2/Y=YAHOO/EXP=1274825933/L=YcSUjEKjqNAC2RCjS_sbeRbo0GpsAkv8MK0ACDlS/B=pFuES2KJiR0-/J=1274818733570885/K=FPiTgxmujdul0W5j.k5shQ/A=4808190/R=0/SIG=1136qnvkg/* 

Exploit

Adaugam la sfarsitul link-ului dupa */ site-u dorit, de exemplu : RST.

Proof:

http://us.ard.yahoo.com/SIG=15n3q5c29/M=289534.11223993.11781333.10885343/D=he/S=18343859:FOOT2/Y=YAHOO/EXP=1274825933/L=YcSUjEKjqNAC2RCjS_sbeRbo0GpsAkv8MK0ACDlS/B=pFuES2KJiR0-/J=1274818733570885/K=FPiTgxmujdul0W5j.k5shQ/A=4808190/R=0/SIG=1136qnvkg/*http://rstforums.com

Sursa:

Full Disclosure: Yahoo Open Redirect Vulnerability - or "Designing vulnerabilities"

Rog un moderator sa mute topic-ul la sectiunea Exploit-uri

Posted

Raportat de mine si am primit primit raspunsul asta

Thanks for the submission. Can you please let us know the complete POC; step by step instruction for how you created that url. Have you received "Yahoo! has detected potential security problems from following this link; reasons for this may include it being an expired link, etc. Click here at your own risk. " error when you generated this issue?

Le-am dat mai multe detalii acum aprx. o saptamana si momentan nu am primit nici un raspuns

PS: Am mai raportat o vulnerabilitate tot atunci care a fost validata

  • Active Members
Posted
Raportat de mine si am primit primit raspunsul asta

Le-am dat mai multe detalii acum aprx. o saptamana si momentan nu am primit nici un raspuns

PS: Am mai raportat o vulnerabilitate tot atunci care a fost validata

In cat timp ti-au raspuns? la mine m-au tinut de o luna ba ca sa le trimit prin formu de bugbouny ba sa le urc video-ul pe youtube si nici acuma nu am un raspuns.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...